[ubuntu/yakkety-security] apport 2.20.3-0ubuntu8.7 (Accepted)

[Leonidas S. Barbosa]

apport (2.20.3-0ubuntu8.7) yakkety-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversal in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

apport (2.20.3-0ubuntu8.6) yakkety; urgency=medium

  * test/test_signal_crashes.py: delete the test which uses an arbitrary
    unpredictable core file size.

apport (2.20.3-0ubuntu8.5) yakkety; urgency=medium

  * test/test_signal_crashes.py: a ulimit of 1M bytes isn't enough to produce
    a core file anymore so bump it to 10M.

apport (2.20.3-0ubuntu8.4) yakkety; urgency=medium

  * data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
    for package installation failures. (LP: #1692127)

apport (2.20.3-0ubuntu8.3) yakkety; urgency=medium

  * Resolve autopkgtest failures in test_backend_apt_dpkg.py due to issues
    with apt key ring. Thanks to Dimitri John Ledkov for the patch.
    (LP: #1651623)
  * Disable report.test_add_gdb_info_abort_glib test case for now, as the
    glib assertion message is broken under current Ubuntu (LP: #1689344)
  * data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
    every report. (LP: #1673557)

Date: 2017-07-17 22:38:13.646447+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/apport/2.20.3-0ubuntu8.7
-------------- next part --------------
Sorry, changesfile not available.